Re: Guaranteeing running code is signed

Björn Persson <bjorn rombobjörn se> writes:
> It's impossible to verify the security of a computer system from within the
> system itself. If a malicious person may have had root access, then RPM, GPG,
> SElinux and the auditing subsystem may all have been tampered with and you
> can't trust that they tell you the truth. Reinstalling is the only way to be
> sure.
Sure? Someone may have planted something in a motherboard flash ROM
(easy), in VGA flash, in CD/DVD flash, in HDD flash and/or "service"
sectors etc.
You can't be 100% sure that a brand-new hardware is clean.
--
Krzysztof Halasa